Security

How can I make sure a role setting takes precedence over other role settings?

twinspop
Influencer

I have a user that belongs to a few roles that use LDAP for auth. These roles have srchMaxTime set to 600. I need to cap the user at 300 seconds for srchMaxTime. I have set-up 2 roles named aaa_search_abuser and zzz_search_abuser with this setting, and assigned the user to those roles (in addition the the other roles he belongs to). However, the user still shows with a 600 srchMaxTime. It seems like the role engine is choosing the highest value, not any sort of order-based process.

How can I make sure a role setting takes precedence over other role settings?

thanks

0 Karma

jkat54
SplunkTrust
SplunkTrust

According to authorize.conf.spec srchMaxTime inherits the maximum from the other roles.

http://docs.splunk.com/Documentation/Splunk/6.5.1/admin/Authorizeconf

Looks like you need a role specifically for this user.

0 Karma

ddrillic
Ultra Champion
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...